Impact
The Anthologize WordPress plugin allows a malicious actor to cause a logged-in user to perform actions without that user's knowledge. The flaw results from missing CSRF (cross-site request forgery) protection on certain endpoints, which could let an attacker trigger functions such as publishing or editing content. The vulnerability is a classic example of CWE-352 and has a CVSS score of 4.3, indicating moderate severity.
Affected Systems
WordPress sites that use Boone Gorges' Anthologize plugin version 0.8.2 or earlier are affected. No specific WordPress core version is listed, so any site hosting the vulnerable plugin is at risk.
Risk and Exploitability
The EPSS score of less than 1% suggests that exploitation attempts are unlikely at this time, and the issue is not present in CISA’s KEV catalog. However, the flaw can be triggered by a crafted URL or embedded resource that the victim’s browser will automatically request while authenticated; this attack vector is inferred from the nature of CSRF, since the CVE description does not explicitly detail the mechanism. An attacker could therefore initiate privileged actions within the site if the victim has sufficient privileges. The overall risk level remains moderate, but continuous monitoring is advisable.
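The following is an added illustration, not code from Anthologize, showing the CWE-352 pattern described above in a hypothetical WordPress plugin handler and the standard WordPress fix: a nonce check (check_admin_referer) plus a separate capability check. All function and hook names prefixed hypo_ are invented for this example.

```php
<?php
// Added example, not Anthologize's code: a hypothetical plugin action handler
// shown first without CSRF protection (CWE-352), then hardened.

// --- Vulnerable pattern (do not use) ---
// Any request that reaches this hook while the victim is logged in is honoured,
// so a form or resource on a third-party page can trigger it.
function hypo_publish_unprotected() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'publish' ) );
    wp_safe_redirect( admin_url( 'edit.php' ) );
    exit;
}

// --- Hardened version ---
function hypo_publish_protected() {
    // 1. Reject requests that do not carry a valid nonce for this action.
    //    check_admin_referer() stops with a 403 page on failure.
    check_admin_referer( 'hypo_publish_action', 'hypo_nonce' );

    // 2. Enforce authorisation separately: a nonce proves the request came
    //    from this site's own form, not that the user may publish this post.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'publish_post', $post_id ) ) {
        wp_die( esc_html__( 'You are not allowed to publish this item.', 'hypo' ),
                '', array( 'response' => 403 ) );
    }

    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'publish' ) );
    wp_safe_redirect( admin_url( 'edit.php' ) );
    exit;
}
add_action( 'admin_post_hypo_publish', 'hypo_publish_protected' );

// The legitimate form embeds the nonce that the handler verifies.
function hypo_render_publish_form( $post_id ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypo_publish">
        <input type="hidden" name="post_id" value="<?php echo esc_attr( $post_id ); ?>">
        <?php wp_nonce_field( 'hypo_publish_action', 'hypo_nonce' ); ?>
        <button type="submit">Publish</button>
    </form>
    <?php
}
```

When auditing a plugin for this class of bug, look for state-changing handlers (admin_post_*, wp_ajax_*, custom admin pages) that read request parameters without a preceding check_admin_referer(), check_ajax_referer() or wp_verify_nonce() call.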
OpenCVE Enrichment